[wp-trac] [WordPress Trac] #58902: add_query_arg() should esc_url_raw() REQUEST_URI
WordPress Trac
noreply at wordpress.org
Mon Oct 9 23:49:47 UTC 2023
#58902: add_query_arg() should esc_url_raw() REQUEST_URI
-------------------------------------------------+-------------------------
Reporter: jorbin | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: has-patch has-testing-info has-unit-tests changes-requested | Focuses:
-------------------------------------------------+-------------------------
Comment (by ivanzhuck):
@oglekler
The string `baz=1` is not a valid relative URL. If we send it as a
parameter for the function
`esc_url_raw()`, it returns `http://baz=1`, which is also not a valid URL. We
can't use an unacceptable URL as a positive test case, because the ticket is
about preventing that. So we should add `?` before `baz=1` to make the URL
correct. Do you agree with me?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58902#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform